/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.swe.chums.filter;

import com.swe.chums.beans.LoginBean;
import com.swe.chums.utils.OperationPageTypeEnum;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 *
 * @author cilingir
 */
public class RestrictPageFilter implements Filter {

    private Log log = LogFactory.getLog(RestrictPageFilter.class);
    FilterConfig fc;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        fc = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String pageRequested = req.getRequestURL().toString();
        LoginBean loginBean = (LoginBean) req.getSession().getAttribute("loginBean");
        
        // If the user is logged in
        boolean authorizedProfile = checkForProfileAuthorization(loginBean, pageRequested);
        if (authorizedProfile) {
            log.info("[RestrictPageFilter.doFilter] - authorized. letting go: " + pageRequested);
            chain.doFilter(request, response);
        } else {
            log.error("[RestrictPageFilter.doFilter] - Profile is not authorized for this operation: " + pageRequested);
            res.sendRedirect("index.xhtml?faces-redirect=true");
        }
    }

    @Override
    public void destroy() {
    }

    /**
     * Check if the user is authorized to view the requested page
     *
     * @param authorizedOperations
     * @param pageRequested
     * @return
     */
    private boolean checkForProfileAuthorization(LoginBean loginBean, String pageRequested) {

        OperationPageTypeEnum[] operationPages = OperationPageTypeEnum.values();
        for (int i = 0; i < operationPages.length; i++) {
            if (pageRequested.contains(operationPages[i].toString())) {
                if (operationPages[i].getId() == 1) {
                    if (loginBean!=null) {
                        if (loginBean.isIsAdmin()) {
                            return true;
                        } else {
                            return false;
                        }
                    } else {
                        return false;
                    }
                } else if (operationPages[i].getId() == 2) {
                    if (loginBean!=null) {
                        if (loginBean.isIsUser()) {
                            return true;
                        } else {
                            return false;
                        }
                    } else {
                        return false;
                    }
                } else if (operationPages[i].getId() == 3) {
                
                    if (loginBean!=null && loginBean.isLoggedIn()) {
                        return false;
                    } else {
                        return true;
                    }
                }
                
            }
        }
        return true;
    }
}
